[keycloak-user] New authenticator with CompletableFuture as the only authenticating factor

Bill Burke bburke at redhat.com
Wed Feb 15 14:43:22 EST 2017


We don't support async HTTP.  So you either need to block or have your 
login page poll.  If you poll, then your async callback is gonna have to 
re-create a KeycloakSession object.  I suggest you have your 
authenticate() method check to see if a clientSession attribute is set 
or not and have the callback locate the clientSession and set this 
variable.  Hope I'm making sense.


On 2/15/17 10:59 AM, Daniel Radzikowski wrote:
> Hi,
>
> I'm trying to implement new authenticator for Mobile Connect. It is a bit
> unusual flow, where the first method *void
> authenticate(AuthenticationFlowContext context)* before returning a
> challenge, calls a REST API, which prompts user mobile phone with 'Click
> OK' button. This API call waits until the user clicks OK (or timeouts), so
> in order not to block the request, it is wrapped in CompletableFuture and
> the login page (with no inputs) is immediately returned to the browser.
> (browser should't wait for the API call result).
>
> The problem is when the CompletableFuture is completed and calls a
> callback. It's the place where the authentication should occur, but I don't
> have any idea how to do it. The only authenticating factor is OK response
> from this API. Can I set the authentication somehow bypassing the whole
> processor (calling method *action(AuthenticationFlowContext context)* on
> its way)? I thought I will eventually call the *action *from the browser
> (with ajax) and only check if the session is already created. The only
> thing that I can pass to the callback is an AuthenticationFlowContext data
> obtained from the first *action(AuthenticationFlowContext context)* call.
> Is there any way to do it?
>



More information about the keycloak-user mailing list